Sophisticated attackers hacked Ukrainian electric grid

By Tami Abdollah, Associated Press

WASHINGTON (AP) — A U.S. investigation found that a December hack on the Ukrainian power grid was coordinated and highly sophisticated.

The report released Thursday offers a detailed look at one of the first cyberattacks to succeed in taking down part of a national power grid. The well-planned strike, which blacked out more than 225,000 people, hit three regional electronic power distribution companies within 30 minutes of each other on Dec. 23.

An attack such as this one has long been a nightmare scenario for top U.S. officials. National Security Agency and U.S. Cyber Command chief Adm. Michael Rogers has previously warned that it's not a matter of if, but when attackers will also target U.S. power systems.

The impacted sites continue to "run under constrained operations" more than two months later. In addition, the report states that three other organizations, some involved with unspecified Ukrainian "critical infrastructure," also appear to have been hacked — but didn't suffer overt impacts to their operations.

The U.S. sent a team of cyber officials, including from the Department of Homeland Security, the Department of Energy and the FBI, to Ukraine to work with the government and learn lessons to prevent such future attacks.

The group didn't independently review technical evidence from the Dec. 23 cyberattack, although it conducted interviews and did other spadework to piece together what appears to be a highly targeted and advanced hack.

The hackers appeared to conduct "extensive reconnaissance of the victim networks," possibly by first using malware introduced via phony "phishing" emails to snag usernames and passwords to access the facility remotely and hit their circuit breakers.

At the end of the attack, hackers wiped targeted files on some of the systems at the three electrical companies using malware called "KillDisk," which also rendered the systems inoperable.

The hackers also did their best to interfere with power-restoration efforts. For instance, they aimed to keep important servers inoperative by remotely disconnecting their "uninterruptable power supplies," which would normally keep the computers running even in a blackout. The attackers managed that by accessing an internal management program for those power supplies.

All the affected companies reported infections with malware known as "BlackEnergy," although investigators are still considering whether that specific malware played a role in the attacks.

Among several preventative measures, the report suggests that companies isolate systems used to run critical infrastructure from the Internet and that they limit the ability to remotely access these systems.
